agenttesla | 78a7a2d3fe81093de20c908524648902544e02f30a2205004f44ee75371fb230 | Triage

Submit
Reports

Overview

overview

Static

static

5

78a7a2d3fe...30.exe

windows7-x64

78a7a2d3fe...30.exe

windows10-2004-x64

Sharing

General

Target

78a7a2d3fe81093de20c908524648902544e02f30a2205004f44ee75371fb230.exe
Size

1.1MB
Sample

241120-plhs5a1mhj
MD5

2e4ad078364fb01445cfb9c7ddcad970
SHA1

eb8ecc92c0b14a203dd874fb7b03becabe7bac10
SHA256

78a7a2d3fe81093de20c908524648902544e02f30a2205004f44ee75371fb230
SHA512

201fae2b153b4a5383ceaa86c48f7e5ba9bde29cd0f85f33b5b3fe68bae57f33a84afe2433d11ac8f12b987b30b9cb639ba963593ee50f77d458a55a88ffc794
SSDEEP

24576:uRmJkcoQricOIQxiZY1iaC5Bpmth937sXGNttdK1zHX:7JZoQrbTFZY1iaC5vml37sXGNt2t

Score

10^/10

agenttesla discovery keylogger spyware stealer trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

78a7a2d3fe81093de20c908524648902544e02f30a2205004f44ee75371fb230.exe

Resource

win7-20240903-en

agenttesla discovery keylogger spyware stealer trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

78a7a2d3fe81093de20c908524648902544e02f30a2205004f44ee75371fb230.exe

Resource

win10v2004-20241007-en

agenttesla discovery keylogger spyware stealer trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: ftp
Host:
ftp://ftp.stingatoareincendii.ro
Port:
21
Username:
[email protected]
Password:
3.*RYhlG)lkA

Targets

- Target
  
  78a7a2d3fe81093de20c908524648902544e02f30a2205004f44ee75371fb230.exe
- Size
  
  1.1MB
- MD5
  
  2e4ad078364fb01445cfb9c7ddcad970
- SHA1
  
  eb8ecc92c0b14a203dd874fb7b03becabe7bac10
- SHA256
  
  78a7a2d3fe81093de20c908524648902544e02f30a2205004f44ee75371fb230
- SHA512
  
  201fae2b153b4a5383ceaa86c48f7e5ba9bde29cd0f85f33b5b3fe68bae57f33a84afe2433d11ac8f12b987b30b9cb639ba963593ee50f77d458a55a88ffc794
- SSDEEP
  
  24576:uRmJkcoQricOIQxiZY1iaC5Bpmth937sXGNttdK1zHX:7JZoQrbTFZY1iaC5vml37sXGNt2t
Score

10^/10

agenttesla discovery keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Agenttesla family
  agenttesla
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

agenttesladiscoverykeyloggerspywarestealertrojan

behavioral2

agenttesladiscoverykeyloggerspywarestealertrojan

© 2018-2025

Terms | Privacy